<?php
/**
 * @version		$Id: controller.php 11299 2008-11-22 01:40:44Z ian $
 * @package		Joomla
 * @subpackage	Users
 * @copyright	Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
 * @license		GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 * See COPYRIGHT.php for copyright notices and details.
 */

// no direct access: this file is only ever included by the Joomla front controller
if (!defined( '_JEXEC' )) {
	die( 'Restricted access' );
}

jimport('joomla.application.component.controller');

/**
 * Users Component Controller
 *
 * @package		Joomla
 * @subpackage	Users
 * @since 1.5
 */
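class NoticesController extends JController
{
	/**
	 * Constructor
	 *
	 * Registers the extra task names posted by the admin toolbar ('add',
	 * 'edit', 'apply', 'enban') and maps them to the handler methods of
	 * this controller.
	 *
	 * @param	array	$config	Controller configuration array
	 */
	function __construct($config = array())
	{
		parent::__construct($config);

		// Map toolbar task names to handler methods.
		$this->registerTask( 'add',   'display' );
		$this->registerTask( 'edit',  'display' );
		$this->registerTask( 'apply', 'save' );
		$this->registerTask( 'enban', 'enban' );
	}

	/**
	 * Displays a view.
	 *
	 * For the 'add', 'edit' and 'envip' tasks the request is switched to the
	 * 'user' view with the 'form' layout and the main menu hidden; the 'edit'
	 * request flag is false for 'add' (new record) and true otherwise. Any
	 * other task falls straight through to the parent controller.
	 */
	function display( )
	{
		$task = $this->getTask();

		if ($task == 'add' || $task == 'edit' || $task == 'envip') {
			JRequest::setVar( 'hidemainmenu', 1 );
			JRequest::setVar( 'layout', 'form' );
			JRequest::setVar( 'view', 'user' );
			// Only 'add' opens the form for a new record.
			JRequest::setVar( 'edit', $task != 'add' );
		}

		parent::display();
	}

	/**
	 * Saves the record.
	 *
	 * Reads the posted 'id', 'isban', 'viptype', 'grade' and 'score' fields
	 * (all passed through the request 'int' filter), updates the matching row
	 * of the `user` table (ban flag and VIP columns) and of the `user_grade`
	 * table (grade and score) in the 'shaishaidb' database, then redirects:
	 * the 'apply' task returns to the edit form of the same record, 'save'
	 * and any other task return to the com_users list.
	 *
	 * Requires a valid request token; exits on a missing or invalid one.
	 *
	 * @return	boolean	false when no record id was posted or a query failed
	 */
	function save()
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		$db =& JFactory::getDBO('shaishaidb');

		// Every value that ends up in SQL is forced to int here; that cast is
		// what keeps the string-built UPDATE statements below injection-safe,
		// so keep it if further columns are ever added.
		$id      = (int) JRequest::getVar( 'id',      0, 'post', 'int' );
		$isban   = (int) JRequest::getVar( 'isban',   0, 'post', 'int' );
		$viptype = (int) JRequest::getVar( 'viptype', 0, 'post', 'int' );
		$grade   = (int) JRequest::getVar( 'grade',   0, 'post', 'int' );
		$score   = (int) JRequest::getVar( 'score',   0, 'post', 'int' );

		if ($id < 1) {
			// Nothing to update without a record id; do not run an UPDATE against id 0.
			$this->setRedirect( 'index.php?option=com_users', JText::_( '请先选择一用户，再进行操作' ) );
			return false;
		}

		// A viptype of -1 means "not a VIP"; anything else enables VIP with that type.
		if ($viptype != -1) {
			$vipset = ',is_vip = 1,vip_type = ' . $viptype;
		} else {
			$vipset = ',is_vip = 0,vip_type = 0';
		}

		// UPDATE statements return no result set, so run them with query()
		// rather than loadResult() and check the return value for failure.
		$db->setQuery( 'UPDATE user SET is_banned = ' . $isban . $vipset . ' where id = ' . $id );
		if ($db->query() === false) {
			$this->setRedirect( 'index.php?option=com_users', $db->getErrorMsg() );
			return false;
		}

		$db->setQuery( 'UPDATE user_grade SET grade = ' . $grade . ',score = ' . $score . ' where user_id = ' . $id );
		if ($db->query() === false) {
			$this->setRedirect( 'index.php?option=com_users', $db->getErrorMsg() );
			return false;
		}

		$msg = JText::_( '成功配置用户 ' . $id );
		if ($this->getTask() == 'apply') {
			// 'apply' keeps the admin on the edit form of the record just saved.
			$this->setRedirect( 'index.php?option=com_users&view=user&task=edit&cid[]=' . $id, $msg );
		} else {
			// 'save' and any other task return to the list.
			$this->setRedirect( 'index.php?option=com_users', $msg );
		}
		return true;
	}

	/**
	 * Removes the record(s) from the database.
	 *
	 * Appears to be carried over from the com_users controller: deletes the
	 * Joomla user accounts whose ids are posted in 'cid', refusing Super
	 * Administrators, the current user, Administrators when the current user
	 * has gid 24, and the last active Super Administrator (gid 25). Deleted
	 * accounts also get their sessions ended through logout(). The message of
	 * the last processed id is shown on the redirect to com_users.
	 *
	 * Requires a valid request token; exits on a missing or invalid one.
	 *
	 * @return	boolean	false when no id was selected
	 */
	function remove()
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		$db          =& JFactory::getDBO();
		$currentUser =& JFactory::getUser();
		$acl         =& JFactory::getACL();
		$cid         = JRequest::getVar( 'cid', array(), '', 'array' );

		JArrayHelper::toInteger( $cid );

		if (count( $cid ) < 1) {
			JError::raiseError(500, JText::_( 'Select a User to delete', true ) );
			return false;
		}

		$msg = '';
		foreach ($cid as $id)
		{
			$id        = (int) $id;
			$thisGroup = $this->_getUserGroup( $acl, $id );

			if ( $thisGroup == 'super administrator' ) {
				$msg = JText::_( 'You cannot delete a Super Administrator' );
			} else if ( $id == $currentUser->get( 'id' ) ) {
				$msg = JText::_( 'You cannot delete Yourself!' );
			} else if ( $thisGroup == 'administrator' && $currentUser->get( 'gid' ) == 24 ) {
				$msg = JText::_( 'WARNDELETE' );
			} else {
				$user         =& JUser::getInstance( $id );
				$isSuperAdmin = ( $user->get( 'gid' ) == 25 );

				if ( $isSuperAdmin && $this->_countActiveSuperAdmins( $db ) <= 1 ) {
					// cannot delete Super Admin where it is the only one that exists
					$msg = "You cannot delete this Super Administrator as it is the only active Super Administrator for your site";
				} else {
					$user->delete();
					$msg = '';

					// logout() reads the ids from the request 'cid'; the request
					// task is set alongside as in the original code. With task
					// 'remove' logout() returns without issuing its own redirect.
					JRequest::setVar( 'task', 'remove' );
					JRequest::setVar( 'cid', array( $id ) );

					// delete user account's active sessions
					$this->logout();
				}
			}
		}

		$this->setRedirect( 'index.php?option=com_users', $msg);
		return true;
	}

	/**
	 * Bans the selected notices (`is_banned` = 1).
	 */
	function enban()
	{
		return $this->_setNoticeState( 1, '该消息已被封禁！', '封禁消息失败！', '封禁消息成功！' );
	}

	/**
	 * Lifts the ban on the selected notices (`is_banned` = 0).
	 */
	function unban()
	{
		return $this->_setNoticeState( 0, '该消息已被解封！', '解封消息失败！', '解封消息成功！' );
	}

	/**
	 * Marks the selected notices as pending review (`is_banned` = 2).
	 */
	function settodo()
	{
		return $this->_setNoticeState( 2, '该消息已为待审核状态！', '消息状态设置失败！', '消息状态设置成功！' );
	}

	/**
	 * Sets the `is_banned` state of the selected notices.
	 *
	 * Shared implementation of enban(), unban() and settodo(): reads the
	 * posted 'cid' ids (forced to int) and, for each one, reads the current
	 * `is_banned` value of that `notice` row in 'shaishaidb' and updates it
	 * unless it already equals $state. The message of the last processed id
	 * is shown on the redirect back to com_notices.
	 *
	 * Requires a valid request token; exits on a missing or invalid one.
	 *
	 * @param	int		$state		Value to store in notice.is_banned
	 * @param	string	$alreadyMsg	Message when the notice is already in that state
	 * @param	string	$failMsg	Message when the UPDATE fails
	 * @param	string	$okMsg		Message when the UPDATE succeeds
	 * @return	boolean	false when no id was selected
	 */
	function _setNoticeState( $state, $alreadyMsg, $failMsg, $okMsg )
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		$db  =& JFactory::getDBO('shaishaidb');
		$cid = JRequest::getVar( 'cid', array(), '', 'array' );

		// Forcing the ids to int is what keeps the string-built queries below safe.
		JArrayHelper::toInteger( $cid );

		if (count( $cid ) < 1) {
			JError::raiseError(500, JText::_( '请先选择一用户，再进行操作', true ) );
			return false;
		}

		$state = (int) $state;
		$msg   = '';
		foreach ($cid as $id)
		{
			$id = (int) $id;
			$db->setQuery( 'SELECT is_banned FROM notice where id = ' . $id );
			$current = $db->loadResult();

			// loadResult() yields a string, or null for an unknown id; compare as
			// int so "1" matches 1 and null matches 0, as the loose == did before.
			if ((int) $current === $state) {
				$msg = $alreadyMsg;
				continue;
			}

			// UPDATE returns no result set: run it with query() and test for failure.
			$db->setQuery( 'UPDATE notice SET is_banned = ' . $state . ' where id = ' . $id );
			$msg = ($db->query() === false) ? $failMsg : $okMsg;
		}

		$this->setRedirect( 'index.php?option=com_notices', $msg );
		return true;
	}

	/**
	 * Cancels an edit operation: redirects back to the com_users list.
	 */
	function cancel( )
	{
		$this->setRedirect( 'index.php?option=com_users' );
	}

	/**
	 * Disables the user account.
	 *
	 * Sets the `block` flag of the accounts whose ids are posted in 'cid'
	 * (1 for the 'block' task, 0 for any other task routed here), with the
	 * same refusals as remove(): Super Administrators, the current user,
	 * Administrators when the current user has gid 24, and the last active
	 * Super Administrator. Blocked accounts also get their sessions ended
	 * through logout(). The message of the last processed id is shown on
	 * the redirect to com_users.
	 *
	 * Requires a valid request token; exits on a missing or invalid one.
	 *
	 * @return	boolean	false when no id was selected
	 */
	function block( )
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		$db          =& JFactory::getDBO();
		$acl         =& JFactory::getACL();
		$currentUser =& JFactory::getUser();

		$cid = JRequest::getVar( 'cid', array(), '', 'array' );
		// Only the 'block' task sets block = 1; any other task routed here clears it.
		$block = $this->getTask() == 'block' ? 1 : 0;

		JArrayHelper::toInteger( $cid );

		if (count( $cid ) < 1) {
			JError::raiseError(500, JText::_( 'Select a User to '.$this->getTask(), true ) );
			return false;
		}

		$msg = '';
		foreach ($cid as $id)
		{
			$id        = (int) $id;
			$thisGroup = $this->_getUserGroup( $acl, $id );

			if ( $thisGroup == 'super administrator' ) {
				$msg = JText::_( 'You cannot block a Super Administrator' );
			} else if ( $id == $currentUser->get( 'id' ) ) {
				$msg = JText::_( 'You cannot block Yourself!' );
			} else if ( $thisGroup == 'administrator' && $currentUser->get( 'gid' ) == 24 ) {
				$msg = JText::_( 'WARNBLOCK' );
			} else {
				$user         =& JUser::getInstance( $id );
				$isSuperAdmin = ( $user->get( 'gid' ) == 25 );

				if ( $isSuperAdmin && $this->_countActiveSuperAdmins( $db ) <= 1 ) {
					// cannot block Super Admin where it is the only one that exists
					$msg = "You cannot block this Super Administrator as it is the only active Super Administrator for your site";
				} else {
					$user->block = $block;
					$user->save();

					if ($block) {
						// logout() reads the ids from the request 'cid'; with task
						// 'block' it returns without issuing its own redirect.
						JRequest::setVar( 'task', 'block' );
						JRequest::setVar( 'cid', array($id) );

						// delete user account's active sessions
						$this->logout();
					}
				}
			}
		}

		$this->setRedirect( 'index.php?option=com_users', $msg);
		return true;
	}

	/**
	 * Returns the lower-cased name of the first ACL group the user belongs to.
	 *
	 * @param	object	$acl	The ACL object from JFactory::getACL()
	 * @param	int		$id		User id
	 * @return	string
	 */
	function _getUserGroup( &$acl, $id )
	{
		$objectID = $acl->get_object_id( 'users', $id, 'ARO' );
		$groups   = $acl->get_object_groups( $objectID, 'ARO' );
		return strtolower( $acl->get_group_name( $groups[0], 'ARO' ) );
	}

	/**
	 * Counts the unblocked accounts in the Super Administrator group (gid 25).
	 *
	 * @param	object	$db	The database object from JFactory::getDBO()
	 * @return	int		0 when the query yields no result
	 */
	function _countActiveSuperAdmins( &$db )
	{
		$query = 'SELECT COUNT( id )'
			. ' FROM #__users'
			. ' WHERE gid = 25'
			. ' AND block = 0'
		;
		$db->setQuery( $query );
		return (int) $db->loadResult();
	}

	/**
	 * Force log out a user.
	 *
	 * Ends the sessions of the accounts whose ids are in the request 'cid'.
	 * For the 'logout' and 'block' tasks both the site (0) and administrator
	 * (1) clients are logged out; for 'flogout' only the 'client' given in
	 * the request. Redirects to the site root for 'flogout', to com_users for
	 * any other task except 'remove' and 'block', whose callers set their own
	 * redirect.
	 *
	 * Requires a valid request token; exits on a missing or invalid one.
	 *
	 * @return	boolean	false when no id was given
	 */
	function logout( )
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		global $mainframe;

		$task   = $this->getTask();
		$cids   = JRequest::getVar( 'cid', array(), '', 'array' );
		$client = JRequest::getVar( 'client', 0, '', 'int' );

		JArrayHelper::toInteger($cids);

		if ( count( $cids ) < 1 ) {
			$this->setRedirect( 'index.php?option=com_users', JText::_( 'User Deleted' ) );
			return false;
		}

		// Which client sessions to end depends on the task that got us here.
		$options = array();
		if ($task == 'logout' || $task == 'block') {
			$options['clientid'] = array( 0, 1 ); // site, administrator
		} else if ($task == 'flogout') {
			$options['clientid'] = array( $client );
		}

		foreach ($cids as $cid) {
			$mainframe->logout((int)$cid, $options);
		}

		$msg = JText::_( 'User Session Ended' );
		switch ( $task )
		{
			case 'flogout':
				$this->setRedirect( 'index.php', $msg );
				break;

			case 'remove':
			case 'block':
				// The calling method sets its own redirect.
				break;

			default:
				$this->setRedirect( 'index.php?option=com_users', $msg );
				break;
		}
		return true;
	}

	/**
	 * Redirects to the com_contact edit form of the posted 'contact_id'.
	 *
	 * The id is passed through the 'int' request filter, so only a number can
	 * reach the redirect URL.
	 */
	function contact()
	{
		$contact_id = (int) JRequest::getVar( 'contact_id', 0, 'post', 'int' );
		$this->setRedirect( 'index.php?option=com_contact&task=edit&cid[]='. $contact_id );
	}
}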
